
Threat Modelling of the software deployed:
Most of the process of understanding the threats to an application is based on the architecture of the network and the transport of data in the organization. It also depends on the degree of trust between the various applications interacting with each other. Data must be exchanged in such a manner that modeling it is difficult for an attacker in the real world.

Threat modeling:
This is a continuous process. It is an iterative process done over and over again throughout the system lifecycle. In the real world the system cannot be modeled completely, hence the threats can change their parameters. We have to identify the threats, attacks and vulnerabilities in order to take countermeasures in the context of the application in question. If the modeling is done at design time it is cheapest; if the application is already deployed, implementing changes in the application will be costlier but possible. After threat modeling, the threats are prioritized as per the threat environment so that budgeting can be done. Threat modeling is done by Security, Operations, System engineering and Architecture, and most importantly any of the lead processes can influence the modeling of threats.

Principles (Application Security Architecture Principles):
These are desirable, but not mandatory, behaviors, designs and implementation practices. The principles do not eliminate the threat but reduce the likelihood of the threat being realized. Hence they help not only with mitigating the threat but also with recovery from an incident. Security principles are language-independent, architecturally neutral primitives that can be leveraged to design and construct applications (OWASP website). In simple terms, if we are designing an application using some primitives, they should be architecturally neutral and language independent. These principles help us take security decisions easily. By considering the threat we will tend to attain more protection in ..
Applying defense in depth: e.g. even if a session is hijacked, the attacker cannot change the password without knowledge of the present password.

Positive security model: It is nothing but whitelisting, that is, checking what the input is. We do not allow any input that is not the correct input. By default we do not allow non-required inputs.

Fail securely: If a process fails to process a request then the request should be disallowed.

Do not trust services or external systems: This restricts the use of services unless required. so a ..

Establish secure defaults: As soon as the application is accessed or deployed, the default configurations should be changed by default before the application starts working.

Microsoft STRIDE:
These are the threats that are required to be addressed. They are used and promoted by Microsoft to secure their applications. Each threat is listed with the security property it violates and its definition.

Spoofing - Authentication - Pretend to be someone else
Tampering - Integrity - Modifying data or code
Repudiation - Non-repudiation - Claiming to have not performed an action
Information Disclosure - Confidentiality - Exposing information to unauthorized persons
Denial of Service - Availability - Delay or degrade service to users
Elevation of Privilege - Authorization - Gain capabilities without proper authorization

Mitigation (the point of threat modeling):
Mitigation is the act of addressing or alleviating a threat. Protect resources. Implement secure systems ..

Four ways to mitigate threats:

- Redesign to eliminate threats
- Apply standard mitigations
- Invent new mitigations
- Accept vulnerability in architecture or implementation

Ensure that the mitigation of each threat is done completely. These are merely categories of threats; there are a number of ways the threats can be mitigated (see the list in the PPT shown by Microsoft). Attackers might use the assets that are owned and paid for, and we need to mitigate because there might be vulnerabilities. This is done by threat modeling.

Secure web programming:
1. Fact: 95% of attacks are against web servers and web applications.
2. The top 3 verticals compromised were financial services, hospitals and retail.
3. More than 60% of attacks were caused by external agents.
4. The primary attack vector was SQL injection, and it was used to install customized malware. Hence protection against SQL injection is trivial.

Web application architecture:
There are three parts to it.
User agents: browser, client agent, bot etc. The user agent sends requests like GET, POST, HEAD, PUT, DELETE.
Web server: listens to requests (PHP, ASP) and talks to the database. Here there is programming logic to understand the type of request. It processes the request received and sends the appropriate response.

1. Trusted code is code which we know for sure is the same thing that was developed, and whose integrity is maintained.
2. Based on validation we can classify data as tainted (bad) or untainted (good).
3. Where is the data coming from: the web server just responds depending on whether the request is present or not. The inputs come from various sources, as under:
- GET requests
- POST requests
- HTML form data
- Cookies stored
- HTTP headers
- File uploads
- RSS feeds
- External data stores or web services

There are four types of data arriving:
- Data from the request going to be displayed in the browser
- Data from the request
- Data from the response going to be displayed in the browser
- Any web service from a method after processing from an API

Risks:
The risks of data view are of two types:
1. Attacking the web application
2. Attacking the users of the said web application

Types of attack:
All of these attack the web application hosted and running on the web server.
- Injection attacks: SQL and command injection
- File inclusion: local file inclusion and remote file inclusion
- HTTP response splitting: attacking HTTP

Attacking the web application user:
All these attacks are meant to attack the user of the web application through it.
- Cross-site scripting, commonly known as XSS
- Cross-site request forgery, also called sea surf
- Broken authentication and session management

Why should we make secure web applications:
Malicious users, automated programs and ignorant users are all trying to break your web application as we speak. Web applications which get hacked go down or fail while being used, bring disrepute to your company, can attract financial damages and can be used to attack other targets on the internet.

How do we achieve it:
Always do server-side validation at every input point. Any and every data point that originates from outside your web application is bad unless proved otherwise. GET, POST, COOKIES, FILES: all requests are bad. So we need to ensure that only trusted and good data is processed, is allowed into the database and is rendered by the browser.
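An added example (not part of the original notes) of the server-side handling described above: allow-list validation that turns tainted request data into untainted data, a parameterized insert, and output encoding, with every failure denying the request. The field names, validation rules and table are assumptions made for the illustration.

```python
import html
import re
import sqlite3

# Allow-list rules (positive security model): each field states exactly what is accepted.
# Field names and patterns are hypothetical.
RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "comment": re.compile(r"[^\x00-\x08\x0b-\x1f]{1,200}"),
}


class Rejected(Exception):
    """Raised when request data cannot be proven good."""


def validate(raw):
    """Turn tainted request data into untainted data, or reject the whole request."""
    if set(raw) != set(RULES):  # unknown or missing fields are not accepted
        raise Rejected("unexpected field set")
    clean = {}
    for name, rule in RULES.items():
        value = raw[name]
        if not isinstance(value, str) or not rule.fullmatch(value):
            raise Rejected(name)
        clean[name] = value
    return clean


def handle_post(db, raw):
    """Server-side handler returning (status, body). Any failure denies the request."""
    try:
        data = validate(raw)
        # Placeholders keep the data out of the SQL text, so quotes stay data.
        db.execute("INSERT INTO comments(username, body) VALUES (?, ?)",
                   (data["username"], data["comment"]))
        db.commit()
    except Rejected:
        return 400, "Bad request"
    except Exception:
        db.rollback()
        return 500, "Request failed"  # fail securely: no detail leaked, nothing stored
    # Encode on output so stored text is rendered as text, not as markup.
    return 200, "<p>%s: %s</p>" % (html.escape(data["username"]),
                                    html.escape(data["comment"]))


def make_db():
    """In-memory database standing in for the application's data store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments(username TEXT, body TEXT)")
    return db
```
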

Ensuring integrity of a web application:
As developers we have to ensure that the files keep their integrity, that the data that flows through is trusted, and that improper data is dealt with in a known way. You can do this with error handlers, exception handling and failing gracefully. If you look at it holistically, the entire point of your web app is to shovel data from one point to another and do cool things.

ATTACKS:-

Net craft
